TechFlow reports that on February 20, digital asset wallet TokenPocket issued a statement responding to the incident on February 14, in which users' assets were aggregated and stolen by hackers. Technical analysis revealed that affected users had downloaded a third-party mining software called "Bom," which contained malicious behavior of unauthorized access to users' photo albums and uploading data, resulting in the leakage of users' mnemonic phrases or private keys.
TokenPocket has partnered with security firms including SlowMist Technology and GoPlusSecurity, and is reminding users to immediately stop using unverified third-party tools, and to avoid saving mnemonic phrases and private keys via screenshots, social media platforms, cloud storage, or similar methods.
Earlier report, GoPlus issued a security alert stating that a certain trading platform or Trading Bot may have been compromised, with cross-chain asset aggregation exceeding $1 million USD.




